Implementation of a Kerberos-Based Extension to the net-snmp System
Published: 2018-11-08 12:38
[Abstract]: With the development of the high-speed Internet, more and more IP-based real-time services have emerged. Cable operators, together with CableLabs and its members, created the PacketCable protocol to give data packets a unified definition, design, development and deployment. PacketCable 2.0 defines a multimedia network architecture accessed through high-speed cable modems. The PacketCable 2.0 system architecture specifies that secure provisioning is the process in which the UE uses the SNMPv3 protocol together with the Kerberos protocol so that IP configuration parameters are delivered to the UE securely. This thesis combines SNMPv3 with Kerberos and designs and implements a KSM-based extension to net-snmp; the two protocols jointly secure the provisioning process. The main work of the thesis is as follows:
1) Study the feasibility of a KSM-based SNMPv3 protocol and design a method for replacing USM, the default SNMPv3 security module, with KSM.
2) Design the KSM security fields, completely replacing the USM security fields in the SNMPv3 message with the KSM security fields.
3) Implement KSM as separate modules, mainly five: a security parameter parsing module, an encryption module, an authentication module, a decryption module and a security parameter construction module; and complete the KSM-based extension of the net-snmp system.
4) Use the snmpget command to test the efficiency of the KSM-based net-snmp system and compare it with the efficiency of the USM-based net-snmp system.
Because KSM relies on the third-party authentication system KDC, the Kerberos-based SNMP system greatly simplifies key management and reduces the burden on devices that use SNMPv3, so that user devices can afford the performance cost of security, which creates the conditions for wider adoption of SNMPv3. In addition, Kerberos, with its certificate-based security, authenticates both communicating parties and provides a strong guarantee for the security of SNMPv3 communication.
[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.08; TP311.52
Article ID: 2318531
Article link: http://sikaile.net/guanlilunwen/ydhl/2318531.html